CISCO : Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106177

Categoría: CISCO

Título: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)

Resumen: A vulnerability in the driver processing functions of Cisco IOS; XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,; remote attacker to cause a memory leak on the route processor (RP) of an affected device, which; could cause the device to drop all control-plane protocols and lead to a denial of service; condition (DoS) on a targeted system.

Descripción: Summary:
A vulnerability in the driver processing functions of Cisco IOS
XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,
remote attacker to cause a memory leak on the route processor (RP) of an affected device, which
could cause the device to drop all control-plane protocols and lead to a denial of service
condition (DoS) on a targeted system.

Vulnerability Insight:
The vulnerability is due to improper handling of crafted,
fragmented packets that are directed to an affected device. An attacker could exploit this
vulnerability by sending crafted, fragmented packets to an affected device for processing and
reassembly.

Vulnerability Impact:
A successful exploit could allow the attacker to cause a memory
leak on the RP of the device, which could cause the device to drop all control-plane protocols
and eventually lead to a DoS condition on the targeted system.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-6355
BugTraq ID: 92399
http://www.securityfocus.com/bid/92399
Cisco Security Advisory: 20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr
http://www.securitytracker.com/id/1036585

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106177
Categoría:	CISCO
Título:	Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability (cisco-sa-20160810-iosxr)
Resumen:	A vulnerability in the driver processing functions of Cisco IOS; XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated,; remote attacker to cause a memory leak on the route processor (RP) of an affected device, which; could cause the device to drop all control-plane protocols and lead to a denial of service; condition (DoS) on a targeted system.
Descripción:	Summary: A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. Vulnerability Insight: The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. Vulnerability Impact: A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6355 BugTraq ID: 92399 http://www.securityfocus.com/bid/92399 Cisco Security Advisory: 20160810 Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr http://www.securitytracker.com/id/1036585
Copyright	Copyright (C) 2016 Greenbone Networks GmbH